In the Attachment Processing → Filtering settings, you can specify rules to indicate which attachments should be filtered.

Starting in VPOP3 version 6.9, you can specify much more advanced rules to be more specific about which attachments are to be blocked. This section describes the advanced rule syntax. Note that because this is a powerful configuration language, it may be complex to understand. The Attachment filter rules section can contain a mixture of plain wildcard filenames, and advanced rules. VPOP3 will process them in order, from top to bottom, until it finds a rule which matches.

An example of an advanced rule is:

{

#this rule checks for some HTML files inside ZIP files

rulename my first attachment filter

checkzip yes

checknotzip no

size < 1kb

size >= 500

filename extensions htm html

content text ajax-loader

}

This rule will check for .HTM or .HTML files within ZIP files (but not outside of ZIP files), which are between 500 and 1023 bytes (inclusive) in size, and contain the text 'ajax-loader'.

General syntax rules:

•The start of an advanced rule is indicated by having a { character on a line of its own.

•The rule ends when VPOP3 sees a } character on a line of its own.

•You cannot nest rules.

•The rule can contain actions and conditions. Note that you can have multiple conditions of the same type, and VPOP3 will check them all.

•VPOP3 processes the rule definition in order from top to bottom. Usually this doesn't matter, but in some cases it may - (eg "CheckZip Yes" followed by "CheckEncryptedZip No")

•All the conditions have to match for the rule to match.

•Each action or condition has to be on a line of its own.

•The action/condition name and options are case insensitive. The data is case sensitive except for filename checks which are case insensitive or where specified below.

Variables

Variables last for the lifetime of processing the current message, so can be used to pass variables between the checks for different attachments within a single message (eg to check for multiple attachments).

Default Variables
When a rule is processed, some variables are set to values which may be useful

${attachname} contains the name of the attachment currently being processed.

${archivename} contains the name of the attachment ZIP currently being processed (this is empty if the file being checked is not inside a ZIP file).

${mimetype} contains the MIME type of the attachment currently being processed as specified in the email message (this is empty if the file being checked is inside a ZIP file).

${messagetype} contains the 'type' of message currently being processed (SMTPINCOMING, SMTPLOCAL or POP3).

Rulename

Syntax: Rulename rulename

Example: Rulename This is my rule

This specifies a name for the rule. This is used in logging, and can be used the Log action. If you do not specify a rule name, then the line number of the start of the rule in the filter list is used.

SetIfMatch

Sets/clears/updates a variable if the rule matches. Note that if the rule matches and any SetIfMatch actions are in the rule, then the rule will not trigger the 'prohibited attachment' action.

Syntax: SetIfMatchvariablename Clear

Example: SetIfMatch myvar Clear

Clears the specified variable if the rule matches

Syntax: SetIfMatch variablename Set ( data | "data" )

Example: SetIfMatch myvar Set "This is some data "

Sets the specified variable to the specified data if the rule matches. Quotes around the data are optional, and will be removed if they are there. If you need to set leading or trailing spaces in the variable, then you should use quotes to avoid them being trimmed. data can contain expansions (see below).

Syntax: SetIfMatchvariablenameAppend ( data | "data" )

Example: SetIfMatch myvar Append bibble

Adds the specified data to the specified variable if the rule matches. Quotes around the data are optional, and will be removed if they are there. If you need to set leading or trailing spaces in the variable, then you should use quotes to avoid them being trimmed. data can contain expansions (see below).

Replaces data in the specified variable if the rule matches The text in data1 (case insensitive) is replaced with the text in data2. Quotes around the data are optional, and will be removed if they are there. If you need to set spaces in data1 or you need to set leading or trailing spaces in data2, then you should use quotes. data2 can contain expansions (see below).

Replaces data in the specified variable if the rule matches The regular expression data1 is replaced with the text in data2. Quotes around the data are optional, and will be removed if they are there. If you need to set spaces in data1 or you need to set leading or trailing spaces in data2, then you should use quotes.

You can use \1, \2 etc in data2 which will be replaced with the contents of the corresponding capture group from data1.

SetIfNoMatch

This sets/clears/updates a variable if the rule does not match. Other than that, it is the same as the SetIfMatch action above.

Log

This causes VPOP3 to write an entry to the VPOP3.LOG file for diagnostic purposes.

Stop

Syntax: Stop

Example: Stop

This stops the remainder of the attachment filter process if the rule matches. The rule will not trigger the 'prohibited attachment' action. This can be useful for preventing attachment filtering in some cases.

SpamScore

(Version 6.20 or later)

Syntax: SpamScore number

Example: SpamScore 200

This adds the specified number onto the spamfilter score which may affect message quarantining (note that number can be negative if you wish to use it as a 'whitelisting' mechanism).

Text Expansions

Some actions will expand text strings to include variables. To indicate a text expansion use ${} around a variable name. Eg ${myvar} will be replaced with the contents of the myvar variable.

Rule Conditions

CheckZip

Syntax: CheckZip ( yes | no | true | false | 1 | 0 )

Example: CheckZip no

This tells VPOP3 whether to check inside ZIP files. By default, VPOP3 will check inside ZIP files if the Filter attachments in ZIP files option is checked, and not otherwise, but this can be specified on a per-rule basis with the advanced rules. This implies both the CheckEncryptedZip and CheckUnencryptedZip options below.

CheckEncryptedZip

Syntax: CheckEncryptedZip ( yes | no | true | false | 1 | 0 )

Example: CheckEncryptedZip yes

This tells VPOP3 whether to check inside encrypted ZIP files. By default, VPOP3 will check inside all ZIP files if the Filter attachments in ZIP files option is checked, and not otherwise, but this can be specified on a per-rule basis with the advanced rules. Note that the content of encrypted ZIP files cannot be tested, but the filenames and compressed & uncompressed sizes can be tested.

CheckUnencryptedZip

Syntax: CheckUnencryptedZip ( yes | no | true | false | 1 | 0 )

Example: CheckUnencryptedZip 1

This tells VPOP3 whether to check inside unencrypted ZIP files. By default, VPOP3 will check inside all ZIP files if the Filter attachments in ZIP files option is checked, and not otherwise, but this can be specified on a per-rule basis with the advanced rules.

CheckNotZip

Syntax: CheckNotZip ( yes | no | true | false | 1 | 0 )

Example: CheckNotZip 0

This tells VPOP3 whether to check files which are not inside ZIP files. By default, VPOP3 will check these files, but you can turn it off on a per-rule basis if you wish.

This compares the compressed size of the attachment as specified. (If the attachment is not in a ZIP file, then the compressed size is the same as the uncompressed size.

Filename / Name

This checks the filename of the attachment as specified. Filename and Name are equivalent.

Syntax: Filename [not] text wildcardpattern

Example: Filename text *.exe

This checks the filename against the wildcard pattern specified. If not is used, then the check will match if the filename does not match the pattern. The wildcard pattern can include DOS style wildcards (* & ?).

Syntax: Filename [not] regex regex

Example: Filename not regex /\.exe$/i

This checks the filename against the regular expression specified. If not is used, then the check will match if the filename does not match the pattern.

Syntax: Filename [not] extensions ext [ext...]

Example: Filename extensions html htm js

This checks the filename against the list of extensions specified (1 or more). If the extension matches any of the specified extensions, then the check will match. If not is used, then the check result is inverted.

Variable / Var

This checks the contents of the specified variable. Variable and Var are equivalent.

Syntax: Variable variablename [not] text wildcardpattern

Example: Variable myvar not text aaaaa*

The specified variable's contents will be compared against the wildcard pattern specified. If not is used, then the check will match if the variable contents do not match the pattern. The wildcard pattern can include DOS style wildcards (* & ?).

Syntax: Variable variablename [not] regex regex

This checks the specified variable's contents against the regular expression specified. If not is used, then the check will match if the variable contents do not match the pattern.

Content

This checks the content of the attachment as specified. The contents of files inside encrypted ZIP files cannot be checked. Also, VPOP3 will only allow you to check attachments up to 100kB in size (for performance reasons). Content checks have optional start/end/length settings to allow you to limit which part of the attachment to check. The start & end default to the start and end of the attachment. You can use either end or length as you wish.